Dagens industri: SSL/TLS Certificate Changes Demand Automation

Dagens Industri reports that impending changes to SSL/TLS certificate validity periods will necessitate automated certificate management for businesses to prevent disruptions and mitigate security risks. The CA/Browser Forum has approved progressively shortening the validity period of public SSL/TLS certificates. Currently set at 398 days, the validity period will decrease to 200 days in 2026, 100 days in 2027, and ultimately 47 days by 2029. Fredrik Nilsson, Head of Client Team and domain security expert at Dotkeeper, anticipates that these shorter validation windows will present significant operational challenges. He asserts that manual certificate renewal processes will become unsustainable and characterizes the changes as a critical alert for organizations still relying on them. "Continuing with manual processes is simply not viable when certificates require renewal almost monthly," Nilsson emphasizes. Nilsson advises companies to immediately begin automating their certificate management. He recommends initially mapping all public certificates to achieve complete visibility. Organizations should then identify any manual dependencies within their current management workflows. The final step involves implementing an automated solution capable of handling the increased renewal frequency mandated by the new regulations. By adopting automation now, businesses can minimize future service interruptions, uphold robust digital security, and concentrate on core business activities. Nilsson cautions that many Swedish companies have yet to fully comprehend the implications of these changes and the inherent risks of inaction. Expired certificates can result in service disruptions and security vulnerabilities, underscoring the importance of proactive adoption of automated certificate management, particularly for scaling companies.